Information Exposure in IBM Multi-Enterprise Integration Gateway and B2B Advanced Communications
CVE-2015-5022

Currently unrated

Key Information:

Vendor
IBM
Vendor
CVE Published:
6 October 2015

Summary

The IBM Multi-Enterprise Integration Gateway and B2B Advanced Communications products have a vulnerability that exposes sensitive information. When guest access is enabled, an internal hostname and payload path can be unintentionally leaked in response data. This situation allows remote authenticated users to exploit trading-partner relationships to gain unauthorized access to sensitive response fields, thereby compromising data integrity and confidentiality.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.